Refactor creation of containers in embedded mode for more consistency
and flexibility. (remm)

Log a warning if running on Java 9 with the ThreadLocal memory leak
detection enabled (the default) but without the command line option it
now requires. (markt)

When a Connector is configured to use an executor, ensure that the
StoreConfig component includes the executor name when writing the
Connector configuration. (markt)

When configuring the JMX remote listener, specify the allowed types for
the credentials. (markt)

Coyote

Correct the HPACK header table size configuration that transposed the
client and server table sizes when creating the encoder and decoder.
(markt)

Review HTTP/2 implementation removing unused code, reducing visibility
where possible and using final where appropriate. (markt)

Don't continue to process an HTTP/2 stream if it is reset during header
parsing. (markt)

HTTP/2 uses separate headers for each Cookie. As required by RFC 7540,
merge these into a single Cookie header before processing continues.
(markt)

Align the HTTP/2 implementation with the HTTP/1.1 implementation and
return a 500 response when an unhandled exception occurs during request
processing. (markt)

Correct the HTTP header parser so that DEL is not treated as a valid
token character. (markt)

Add checks around the handling of HTTP/2 pseudo headers. (markt)

Add support for trailer headers to the HTTP/2 implementation. (markt)

60232: When processing headers for an HTTP/2 stream, ensure
that the read buffer is large enough for the header being processed.
(markt)

Add configuration options to the HTTP/2 implementation to control the
maximum number of headers allowed, the maximum size of headers allowed,
the maximum number of trailer headers allowed, the maximum size of
trailer headers allowed and the maximum number of cookies allowed.
(markt)

Correctly differentiate between sending and receiving a reset frame when
tracking the state of an HTTP/2 stream. (markt)

Remove the undocumented support for using the old Connector attribute
names backlog, soLinger and
soTimeout that were renamed several major versions ago.
(markt)

60319: When using an Executor, disconnect it from the
Connector attributes maxThreads,
minSpareThreads and threadPriority to enable
the configuration settings to be consistently reported. These Connector
attributes will be reported as -1 when an Executor is in
use. The values used by the executor may be set and obtained via the
Executor. (markt)

If an I/O error occurs during async processing on a non-container
thread, ensure that the onError() event is triggered.
(markt)

Improve detection of I/O errors during async processing on non-container
threads and trigger async error handling when they are detected. (markt)

Add additional checks for valid characters to the HTTP request line
parsing so invalid request lines are rejected sooner. (markt)

Other

Remove classes from tomcat-util-scan.jar that are duplicates of those in
tomcat-util.jar. (markt)

Update the NSIS Installer used to build the Windows installer to version
3.0. (markt)

2016-10-10 Tomcat 9.0.0.M11

Catalina

59961: Add an option to the StandardJarScanner
to control whether or not JAR Manifests are scanned for additional
class path entries. (markt)

60013: Refactor the previous fix to align the behaviour of
the Rewrite Valve with mod_rewrite. As part of this, provide an
implementation for the B and NE flags and
improve the handling for the QSA flag. Includes multiple
test cases by Santhana Preethiand a patch by Tiago Oliveira. (markt)

60087: Refactor the web resources handling to use the Tomcat
specific war:file:... URL protocol to refer to WAR files
and their contents rather than the standard jar:file:...
form since some components of the JRE, such as JAR verification, give
unexpected results when the standard form is used. A side-effect of the
refactoring is that when using packed WARs, it is now possible to
reference a WAR and/or specific JARs within a WAR in the security policy
file used when running under a SecurityManager. (markt)

60116: Fix a problem with the rewrite valve that caused back
references evaluated in conditions to be forced to lower case when using
the NC flag. (markt)

Ensure Digester.useContextClassLoader is considered in
case the class loader is used. (violetagg)

60117: Ensure that the name of LogLevel is
localized when using OneLineFormatter. Patch provided by
Tatsuya Bessho. (kfujino)

60138: Fix the SSLHostConfig so that the
protocols attribute is limited to the protocols supported
by the current JSSE implementation rather than the default protocols
used by the implementation. (markt)

60146: Improve performance for resource retrieval by making
calls to WebResource.getInputStream() trigger caching if the resource is
small enough. Patch provided by mohitchugh. (markt)

60151: Improve the exception error messages when a
ResourceLink fails to specify the type, specifies an
unknown type or specifies the wrong type. (markt)

60167: Ignore empty lines in /etc/passwd files
when using the PasswdUserDatabase. (markt)

Coyote

Refactor the code that implements the requirement that a call to
complete() or dispatch() made from a
non-container thread before the container initiated thread that called
startAsync() completes must be delayed until the container
initiated thread has completed. Rather than implementing this by
blocking the non-container thread, extend the internal state machine to
track this. This removes the possibility that blocking the non-container
thread could trigger a deadlock. (markt)

Fail earlier if the client closes the connection during SNI processing.
(markt)

60123: Avoid potential threading issues that could cause
excessively large values to be returned for the processing time of
a current request. (markt)

Jasper

Web applications

Expand the documentation for the nested elements within a
Resources element to clarify the behaviour of different
configuration options with respect to the order in which resources are
searched. (markt)

Add an example of using the classesToInitialize attribute
of the JreMemoryLeakPreventionListener to the documentation
web application. Based on a patch by Cris Berneburg. (markt)

60192: Correct a typo in the status output of the Manager
application. Patch provided by Radhakrishna Pemmasani. (markt)

jdbc-pool

Notify jmx when returning the connection that has been marked suspect.
(kfujino)

Ensure that the POOL_EMPTY notification has been added to
the jmx notification types. (kfujino)

60099: Ensure that use all method arguments as a cache key
when using StatementCache. (kfujino)

Other

Update the download location for Objenesis. (violetagg)

60164: Replace log4j-core*.jar with
log4j-web*.jar since it is log4j-web*.jar that
contains the ServletContainerInitializer. (markt)

Add documentation to the bin/catalina.bat script to remind users that
environment variables don't affect the configuration of Tomcat when
run as a Windows Service. Based upon a documentation patch by
James H.H. Lampert. (schultz)

Update the packaged version of the Tomcat Native Library to 1.2.10 to
pick up the latest Windows binaries built with OpenSSL 1.0.2j. (markt)

2016-09-05 Tomcat 9.0.0.M10

Catalina

59813: Ensure that circular relations of the Class-Path
attribute from JAR manifests will be processed correctly. (violetagg)

Ensure that reading the singleThreadModel attribute of a
StandardWrapper via JMX does not trigger initialisation of
the associated servlet. With some frameworks this can trigger an
unexpected initialisation thread and if initilisation is not thread-safe
the initialisation can then fail. (markt)

Compatibility with rewrite from httpd for non existing headers.
(jfclere)

By default, treat paths used to obtain a request dispatcher as encoded.
This behaviour can be changed per web application via the
dispatchersUseEncodedPaths attribute of the Context.
(markt)

Provide a mechanism that enables the container to check if a component
(typically a web application) has been granted a given permission when
running under a SecurityManager without the current execution stack
having to have passed through the component. Use this new mechanism to
extend SecurityManager protection to the system property replacement
feature of the digester. (markt)

When retrieving an object via a ResourceLink, ensure that
the object obtained is of the expected type. (markt)

59823: Ensure that JASPIC configuration is taken into account
when calling HttpServletRequest.authenticate(). (markt)

59862: Allow nested jar files scanning to be filtered with
the system property
tomcat.util.scan.StandardJarScanFilter.jarsToSkip. Patch
is provided by Terence Bandoian. (violetagg)

59866: When scanning WEB-INF/classes for
annotations, don't scan the contents of
WEB-INF/classes/META-INF (if present) since classes will
never be loaded from that location. (markt)

59888: Correctly handle tabs and spaces in quoted version one
cookies when using the Rfc6265CookieProcessor. (markt)

A number of the JRE memory leaks addressed by the
JreMemoryLeakPreventionListener have been fixed in Java 9
so the associated protection is now disabled when running on Java 9
onwards. (markt)

59912: Fix an edge case in input stream handling where an
IOException could be thrown when reading a POST body.
(markt)

59913: Correct a regression introduced with the support for
the Servlet 4 HttpServletRequest.getMapping() API that
caused the attributes for forwarded requests to be lost if requested
from within a subsequent include. (markt)

59966: Do not start the web application if the error page
configuration in web.xml is invalid. (markt)

Switch the CGI servlet to the standard logging mechanism and remove
support for the debug attribute. (markt)

60012: Improvements in the log messages. Based on
suggestions by Nemo Chen. (violetagg)

Changes to the allowLinking attribute of a
StandardRoot instance now invalidate the cache if caching
is enabled. (markt)

Add a new initialisation parameter, envHttpHeaders, to
the CGI Servlet to mitigate httpoxy
(CVE-2016-5388) by default and to provide a mechanism that can be
used to mitigate any future, similar issues. (markt)

When adding and removing ResourceLinks dynamically, ensure
that the global resource is only visible via the
ResourceLinkFactory when it is meant to be. (markt)

60008: When processing CORs requests, treat any origin with a
URI scheme of file as a valid origin. (markt)

Improve handling of exceptions during a Lifecycle events triggered by a
state transition. The exception is now caught and the component is now
placed into the FAILED state. (markt)

60022: Improve handling when a WAR file and/or the associated
exploded directory are symlinked into the appBase. (markt)

Fix a file descriptor leak when reading the global web.xml. (markt)

Consistently decode URL patterns provided via web.xml using the encoding
of the web.xml file where specified or UTF-8 where no explicit encoding
is specified. (markt)

Make timing attacks against the Realm implementations harder. (schultz)

Coyote

Correct a regression in refactoring to enable injection of custom
keystores that broke the automatic conversion of OpenSSL style PEM
key and certificate files for use with JSSE TLS connectors. (markt)

59910: Don't hardcode key alias value to "tomcat" for JSSE.
When using a keystore, OpenSSL will still default to it. (remm)

59904: Add a limit (default 200) for the number of cookies
allowed per request. Based on a patch by gehui. (markt)

59925: Correct regression in r1628368 and ensure that HTTP
separators are handled as configured in the
LegacyCookieProcessor. Patch provided by Kyohei Nakamura.
(markt)

59950: Correct log message when reporting that the current
number of HTTP/2 streams for a connection could not be pruned to below
the limit. (markt)

Ensure that Semaphore.release is called in all cases. Even
when there is an exception. (violetagg)

60030: Correct a potential infinite loop in the SNI parsing
code triggered by failing to handle an end of stream condition. (markt)

Refactor the JSSE client certificate validation so that the
effectiveness of the certificateVerificationDepth
configuration attribute does not depend on the presence of a certificate
revokation list. (markt)

Small logging optimization in the Rfc6265CookieProcessor.
Patch provided by Svetlin Zarev. (markt)

OpenSSL now disables 3DES by default so reflect this when using OpenSSL
syntax to select ciphers. (markt)

Use the proper ERROR socket status code for async errors with NIO2.
(remm)

60035: Fix a potential connection leak if the client drops a
TLS connection before the handshake completes. (markt)

Log a warning at start up if a JSSE TLS connector is configured with
a trusted certificate that is either not yet valid or has expired.
(markt)

Jasper

When writing out a full web.xml file with JspC ensure that the encoding
used in the XML prolog matches the encoding used to write the contents
of the file. (markt)

Improve the error handling for custom tags to ensure that the tag is
returned to the pool or released and destroyed once used. (markt)

Update the internal fork of Commons FileUpload to afdedc9. This pulls in
a fix to improve the performance with large multipart boundaries.
(markt)

2016-07-12 Tomcat 9.0.0.M9

Catalina

18500: Add limited support for wildcard host names and host
aliases. Names of the form *.domainname are now permitted.
Note that an exact host name match takes precedence over a wild card
host name match. (markt)

57705: Add debug logging for requests denied by the remote
host and remote address valves and filters. Based on a patch by Graham
Leggett. (markt)

Correct a regression in the fix for 58588 that removed the
entire org.apache.juli package from the embedded JARs
rendering them unusable. (markt)

59399: Add a new option to the Realm implementations that
ship with Tomcat that allows the HTTP status code used for HTTP -> HTTPS
redirects to be controlled per Realm. (markt)

59708: Modify the LockOutRealm logic. Valid authentication
attempts during the lock out period will no longer reset the lock out
timer to zero. (markt)

Change the default of the
sessionCookiePathUsesTrailingSlash attribute of the
Context element to false since the problems
caused when a Servlet is mapped to /* are more significant
than the security risk of not enabling this option by default. (markt)

Do not attempt to start web resources during a web application's
initialisation phase since the web application is not fully configured
at that point and the web resources may not be correctly configured.
(markt)

Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)

Coyote

Fix a cause of multiple attempts to close the same socket. (markt)

Refactor the certificate keystore and trust store generation to make it
easier for embedded users to inject their own key stores. (markt)

Add a maxConcurrentStreamExecution on the HTTP/2
protocol handler to allow restricting the amount of concurrent stream
that are being executed in a single connection. The default is to
not limit it. (remm)

Correct a problem with ServletRequest.getServerPort() for
secure HTTP/2 connections that meant an incorrect value was returned when
using the default port. (markt)

Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)

Jasper

Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)

WebSocket

Now the WebSocket implementation is not built directly on top of the
Servlet API and can use Tomcat internals, there is no need for the
dedicated WebSocket Executor. It has been replaced by the use of the
Connector/Endpoint provided Executor. (markt)

Improve error handling around user code prior to calling
InstanceManager.destroy() to ensure that the method is
executed. (markt)

Web Applications

Do not log an additional case of IOExceptions in the
error handler for the Drawboard WebSocket example when the root cause is
the client disconnecting since the logs add no value. (markt)

59642: Mention the localDataSource in the
DataSourceRealm section of the Realm How-To. (markt)

59672: Update the security considerations page of the
documentation web application to take account of the fact that the
Manager and HostManager applications now have a
RemoteAddrValve configured by default. (markt)

Follow-up to the fix for 59399. Ensure that the new attribute
transportGuaranteeRedirectStatus is documented for all
Realms. Also document the NullRealm and
when it is automatically created for an Engine. (markt)

Fix the description of maxAge attribute in jdbc-pool doc.
This attribute works both when a connection is returned and when a
connection is borrowed. (kfujino)

59774: Correct the prefix values in the
documented examples for configuring the AccessLogValve.
Patch provided by Mike Noordermeer. (markt)

Tribes

Add log message when the ping has timed-out. (kfujino)

If the ping message has been received at the
AbstractReplicatedMap#leftOver method, ensure that notify
the member is alive than ignore it. (kfujino)

Other

Use the mirror network rather than the ASF master site to download the
current ASF dependencies. (markt)

Update the packaged version of the Tomcat Native Library to 1.2.8 to
pick up the latest fixes and make 1.2.8 the minimum recommended version.
(markt)

2016-06-13 Tomcat 9.0.0.M8

Coyote

Remove accidentally committed debug code. (markt)

not released Tomcat 9.0.0.M7

Catalina

RMI Target related memory leaks are avoidable which makes them an
application bug that needs to be fixed rather than a JRE bug to work
around. Therefore, start logging RMI Target related memory leaks on web
application stop. Add an option that controls if the check for these
leaks is made. Log a warning if running on Java 9 with this check
enabled but without the command line option it requires. (markt)

Ensure NPE will not be thrown during deployment when scanning jar files
without MANIFEST.MF file. (violetagg)

Remove the clearReferencesStatic option from
StandardContext. It was known to cause problems with some
libraries (such as log4j) and was only linked to suspected memory leaks
rather than known memory leaks. It had been disabled by default with no
increase in the reports of memory leaks for some time. (markt)

59604: Correct the assumption made in the URL decoding that
the default platform encoding is always compatible with ISO-8859-1. This
assumption is not always valid, e.g. on z/OS. (markt)

59608: Skip over any invalid Class-Path attribute
from JAR manifests. Log errors at debug level due to many bad libraries.
(remm)

Fix error message when failed to register MBean. (kfujino)

59655: Configure the cookie name validation to use RFC6265
rules by default to align it with the default cookie parser. Document
the impact system properties have on cookie name validation. (mark)

Coyote

Ensure that requests with HTTP method names that are not tokens (as
required by RFC 7231) are rejected with a 400 response. (markt)

When an asynchronous request is processed by the AJP connector, ensure
that request processing has fully completed before starting the next
request. (markt)

Improve handling of HTTP/2 stream resets. (markt)

58750: The HTTP Server header is no longer set by default. A
Server header may be configured by setting the server
attribute on the Connector. A new Connector
attribute, serverRemoveAppProvidedValues may be used to
remove any Server header set by a web application. (markt)

Modify the handling of read/write timeouts so that the appropriate error
handling (ReadListener.onError(),
WriteListener.onError() or
AsycnListener.onError()) is called. (markt)

If an async dispatch results in the completion of request processing,
ensure that any remaining request body is swallowed before starting the
processing of the next request else the remaining body may be read as the
start of the next request leading to a 400 response. (markt)

WebSocket

Web applications

58891: Update the SSL how-to. Based on a suggestion by
Alexander Kjäll. (markt)

Extras

58588: Remove the JULI extras package from the distribution.
It was only useful for switching Tomcat's internal logging to log4j
1.2.x and that version of log4j is no longer supported. No additional
Tomcat code is required if switching Tomcat's internal logging to log
via log4j 2.x. (markt)

jdbc-pool

Fix a memory leak with the pool cleaner thread that retained a reference
to the web application class loader for the first web application to use
a connection pool. (markt)

58626: Add support for a new environment variable
(USE_NOHUP) that causes nohup to be used when
starting Tomcat. It is disabled by default except on HP-UX where it is
enabled by default since it is required when starting Tomcat at boot on
HP-UX. (markt)

2016-05-16 Tomcat 9.0.0.M6

Catalina

Ensure that annotated web components packed in web fragments will be
processed when unpackWARs is enabled. (violetagg)

not released Tomcat 9.0.0.M5

Catalina

48922: Apply a very small performance improvement to the
date formatting in Tomcat's internal request object. Based on a patch
provided by Ondrej Medek. (markt)

59206: Ensure NPE will not be thrown by
o.a.tomcat.util.file.ConfigFileLoader when
catalina.base is not specified. (violetagg)

59217: Remove duplication in the recycling of the path in
o.a.tomcat.util.http.ServerCookie. Patch is provided by
Kyohei Nakamura. (violetagg)

Ensure that javax.servlet.ServletRequest and
javax.servlet.ServletResponse provided during
javax.servlet.AsyncListener registration are made
available via javax.servlet.AsyncEvent.getSuppliedRequest
and javax.servlet.AsyncEvent.getSuppliedResponse
(violetagg)

59219: Ensure AsyncListener.onError() is called
if an Exception is thrown during async processing. (markt)

59220: Ensure that AsyncListener.onComplete() is
called if the async request times out and the response is already
committed. (markt)

59226: Process the Class-Path attribute from
JAR manifests for JARs on the class path excluding JARs packaged in
WEB-INF/lib. (markt)

59256: slf4j-taglib*.jar should not be excluded
from the standard JAR scanning by default. (violetagg)

Clarify the log message that specifying both urlPatterns and value
attributes in @WebServlet and @WebFilter annotations is not allowed.
(violetagg)

Ensure the exceptions caused by Valves will be available in the log
files so that they can be evaluated when
o.a.catalina.valves.ErrorReportValve.showReport is
disabled. Patch is provided by Svetlin Zarev. (violetagg)

Remove unused distributable attribute that is defined as
TransientAttribute of Manager in StoreConfig.
(kfujino)

Fix handling of Cluster Receiver in StoreConfig. The bind
and host attributes define as
TransientAttribute. (kfujino)

59261: ServletRequest.getAsyncContext() now
throws an IllegalStateException as required by the Servlet
specification if the request is not in asynchronous mode when called.
(markt)

59269: Correct the implementation of
PersistentManagerBase so that minIdleSwap
functions as designed and sessions are swapped out to keep the active
session count below maxActiveSessions. (markt)

Update the implementation of the proposed Servlet 4.0 API to provide
mapping type information for the current request to reflect discussions
within the EG. (markt)

Correctly configure the base path for a resources directory provided by
an expanded JAR file. Patch provided by hengyunabc. (markt)

When multiple compressed formats are available and the client does not
express a preference, use the server order to determine the preferred
format. Based on a patch by gmokki. (markt)

59284: Allow the Tomcat provided JASPIC
SimpleServerAuthConfig to pick up module configuration
properties from either the property set passed to its constructor or
from the properties passed in the call to getAuthContext.
Based on a patch by Thomas Maslen. (markt)

59310: Do not add a Content-Length: 0 header for
custom responses to HEAD requests that do not set a
Content-Length value. (markt)

When normalizing paths, improve the handling when paths end with
/. or /.. and ensure that input and output are
consistent with respect to whether or not they end with /.
(markt)

59317: Ensure that
HttpServletRequest.getRequestURI() returns an encoded URI
rather than a decoded URI after a dispatch. (markt)

Use the correct URL for the fragment when reporting errors processing
a web-fragment.xml file from a JAR located in an unpacked
WAR. (markt)

Ensure that JarScanner only uses the explicit call-back to
process WEB-INF/classes and only when configured to treat
the contents of WEB-INF/classes as a possible exploded JAR.
(markt)

Remove the java2DDisposerProtection option from the
JreMemoryLeakPreventionListener. The leak is fixed in Java
7 onwards and Tomcat 9 requires Java 8 so the option is unnecessary.
(markt)

Remove the securityPolicyProtection option from the
JreMemoryLeakPreventionListener. The leak is fixed in Java
8 onwards and Tomcat 9 requires Java 8 so the option is unnecessary.
(markt)

Remove the securityLoginConfigurationProtection option from
the JreMemoryLeakPreventionListener. The leak is fixed in
Java 8 onwards and Tomcat 9 requires Java 8 so the option is
unnecessary. (markt)

Ensure that the value for the header X-Frame-Options is
constructed correctly according to the specification when
ALLOW-FROM option is used. (violetagg)

Fix an IllegalArgumentException if the first use of an
internal Response object requires JASPIC authentication.
(markt)

Do not trigger unnecessary session ID changes when using JASPIC and the
user is authenticated using cached credentials. (markt)

Coyote

Change the default for honorCipherOrder to
false. With the current default TLS configuration, it is no
longer necessary for this to be true for a reasonably
secure configuration. (markt)

Add a new environment variable JSSE_OPTS that is intended
to be used to pass JVM wide configuration to the JSSE implementation.
The default value is -Djdk.tls.ephemeralDHKeySize=2048
which protects against weak Diffie-Hellman keys. (markt)

58970: Fix a connection counting bug in the NIO connector
that meant some dropped connections were not removed from the current
connection count. (markt)

59289: Do not recycle upgrade processors in unexpected close
situations. (remm)

59295: Use Locale.toLanguageTag() to construct
the Content-Language HTTP header to ensure the locale is
correctly represented. Patch provided by zikfat. (markt)

59295: Add support for using pem encoded certificates with
JSSE SSL. Submitted by Emmanuel Bourg with additional tweaks. (remm)

Make the TLS certificate chain available to clients when using
JSSE+OpenSSL with the certificate chain stored in a Java KeyStore.
(markt)

Work around a
known issue in OpenSSL that does not permit the TLS handshake to be
failed if the ALPN negotiation fails. (markt)

Other

59280: Update the NSIS Installer used to build the
Windows Installers to version 2.51. (kkolinko)

Update the packaged version of the Tomcat Native Library to 1.2.7 to
pick up the Windows binaries that are based on OpenSSL 1.0.2h and APR
1.5.2. (markt)

2016-03-16 Tomcat 9.0.0.M4

Catalina

Ensure that /WEB-INF/classes is never processed as a web
fragment. (markt)

Switch default connector when native is installed. Unless configured
otherwise, the NIO endpoint will be used by default. If SSL is
configured, OpenSSL will be used rather than JSSE. (remm)

Correct a regression in the fix for 58867. When configuring a
Context to use an external directory for the docBase, and
that directory happens to be located along side the original WAR, use
the directory as the docBase rather than expanding the
WAR into the appBase and using the newly created expanded
directory as the docBase. (markt)

58351: Make the server build date and server version number
accessible via JMX. Patch provided by Huxing Zhang. (markt)

58988: Special characters in the substitutions for the
RewriteValve can now be quoted with a backslash. (fschumacher)

58999: Fix class and resource name filtering in
WebappClassLoader. It throws a StringIndexOutOfBoundsException if the
name is exactly "org" or "javax". (rjung)

Add JASPIC (JSR-196) support. (markt)

Make checking for var and map replacement in RewriteValve a bit stricter
and correct detection of colon in var replacement. (fschumacher)

Refactor the web application class loader to reduce the impact of JAR
scanning on the memory footprint of the web application. (markt)

Fix some resource leaks in the error handling for accessing files from
JARs and WARs. (markt)

Refactor the JAR and JAR-in-WAR resource handling to reduce the memory
footprint of the web application. (markt)

Refactor the web.xml parsing so a new parser is created every time the
web application starts rather than creating and caching the parser when
the Context is created. This enables the parser to take account of
modified Context configuration parameters and reduces (slightly) the
memory footprint of a running Tomcat instance. (markt)

Switch the web application class loader to the
ParallelWebappClassLoader by default. (markt)

57809: Remove the custom context attribute that held the
effective web.xml. Components needing access to configuration
information may access it via the Servlet API. (markt)

Refactor JAR scanning to reduce memory footprint. (markt)

59001: Correctly handle the case when Tomcat is installed on
a path where one of the segments ends in an exclamation mark. (markt)

Expand the fix for 59001 to cover the special sequences used
in Tomcat's custom jar:war: URLs. (markt)

59043: Avoid warning while expiring sessions associated with
a single sign on if HttpServletRequest.logout() is used.
(markt)

59054: Ensure that using the
CrawlerSessionManagerValve in a distributed environment
does not trigger an error when the Valve registers itself in the
session. (markt)

Add socket properties support to storeconfig. (remm)

Fix incorrect parsing of the NE and NC flags in rewrite rules. (remm)

59065: Correct the timing of the check for colons in paths
on non-Windows systems implemented in catalina.sh so it
works correctly with Cygwin. Patch provided by Ed Randall. (markt)

When a Host is configured with an appBase that does not exist, create
the appBase before trying to expand an external WAR file into it.
(markt)

59115: When using the Servlet 3.0 file upload, the submitted
file name may be provided as a token or a quoted-string. If a
quoted-string, unquote the string before returning it to the user.
(markt)

59123: Close NamingEnumeration objects used by
the JNDIRealm once they are no longer required.
(fschumacher/markt)

Implement the proposed Servlet 4.0 API to provide mapping type
information for the current request. (markt)

59138: Correct a false positive warning for ThreadLocal
related memory leaks when the key class but not the value class has been
loaded by the web application class loader. (markt)

59017: Make the pre-compressed file support in the Default
Servlet generic so any compression may be used rather than just gzip.
Patch provided by Mikko Tiihonen. (markt)

59145: Don't log an invalid warning when a user logs out of
a session associated with SSO. (markt)

59150: Add an additional flag on APR listener to allow
disabling automatic use of OpenSSL. (remm)

59151: Fix a regression in the fix for 56917 that
added additional (and arguably unnecessary) validation to the provided
redirect location. (markt)

59154: Fix a NullPointerException in the
JAASMemoryLoginModule resulting from the introduction of
the CredentialHandler to Realms.
(schultz/markt)

Coyote

Handle the case in the NIO2 connector where the required TLS buffer
sizes increase after the connection has been initiated. (markt/remm)

Bad processing of handshake errors in NIO2. (remm)

Use JSSE session configuration options with OpenSSL. (remm)

59015: Fix potential cause of endless APR Poller loop during
shutdown if the Poller experiences an error during the shutdown process.
(markt)

Align cipher aliases for kECDHE and ECDHE with
the current OpenSSL implementation. (markt)

Jasper

Update to the Eclipse JDT Compiler 4.5.1. (markt)

57583: Improve the performance of
javax.servlet.jsp.el.ScopedAttributeELResolver when
resolving attributes that do not exist. This improvement only works when
Jasper is used with Tomcat's EL implementation. (markt)

WebSocket

Fix a timing issue on session close that could result in an exception
being thrown for an incomplete message even through the message was
completed. (markt)

Correctly handle compression of partial messages when the final message
fragment has a zero length payload. (markt)

59134: Correct client connect logic for secure connections
made through a proxy. (markt)

Web applications

Correct an error in the documentation of the expected behaviour for
automatic deployment. If a WAR is updated and an expanded directory is
present, the directory will always be deleted and recreated by expanding
the WAR if unpackWARs is true. (markt)

48674: Implement an option within the Host Manager web
application to persist the current configuration. Based on a patch by
Coty Sutherland. (markt)

58935: Remove incorrect references in the documentation to
using jar:file: URLs with the Manager application. (markt)

New configuration option ajpFlush for the AJP connectors
to disable the sending of AJP flush packets. (rjung)

Handle the case in the NIO connector where the required TLS buffer sizes
increase after the connection has been initiated. (markt)

not released Tomcat 9.0.0.M2

Catalina

Refactor creation of MapperListener to ensure that the
Mapper used is the Mapper associated with the
Service for which the listener was created. (markt)

Move the functionality that provides redirects for context roots and
directories where a trailing / is added from the Mapper to
the DefaultServlet. This enables such requests to be
processed by any configured Valves and Filters before the redirect is
made. This behaviour is configurable via the
mapperContextRootRedirectEnabled and
mapperDirectoryRedirectEnabled attributes of the Context
which may be used to restore the previous behaviour. (markt)

Refactor Service.getContainer() to return an
Engine rather than a Container. (markt)

34319: Only load those keys in StoreBase.processExpire
from JDBCStore, that are old enough, to be expired. Based on a patch
by Tom Anderson. (fschumacher)

56917: As per RFC7231 (HTTP/1.1), allow HTTP/1.1 and later
redirects to use relative URIs. This is controlled by a new attribute
useRelativeRedirects on the Context and
defaults to true. (markt)

58629: Allow an embedded Tomcat instance to start when the
Service has no Engine configured. (markt)

Correctly notify the MapperListener associated with a Service if the
Engine for that Service is changed. (markt)

Make a web application's CredentialHandler available through a context
attribute. This allows a web application to use the same algorithm
for validating or generating new stored credentials from cleartext
ones. (schultz)

58635: Enable break points to be set within agent code when
running Tomcat with a Java agent. Based on a patch by Huxing Zhang.
(markt)

58655: Fix an IllegalStateException when
calling HttpServletResponse.sendRedirect() with the
RemoteIpFilter. This was caused by trying to correctly
generate the absolute URI for the redirect. With the fix for
56917, redirects may now be relative making the
sendRedirect() implementation for the
RemoteIpFilter much simpler. This also addresses issues
where the redirect may not have behaved as expected when redirecting
from http to https to from https to http. (markt)

58657: Exceptions in a Servlet 3.1 ReadListener
or WriteListener do not need to be immediately fatal to the
connection. Allow an error response to be written. (markt)

Correct implementation of
validateClientProvidedNewSessionId so client provided
session IDs may be rejected if validation is enabled. (markt)

58701: Reset the instanceInitialized field in
StandardWrapper when unloading a Servlet so that a new
instance may be correctly initialized. (markt)

Add a new flag aprPreferred to the Apr listener. if set to
false, when using the connector defaults, it will use
NIO + OpenSSL if tomcat-native is available, rather than the APR
connector. (remm)

Add path parameter handling to
HttpServletRequest.getContextPath(). This is a follow-up to
the fix for 57215. (markt)

58692: Make StandardJarScanner more robust. Log
a warning if a class path entry cannot be scanned rather than triggering
the failure of the web application. Includes a test case written by
Derek Abdine. (markt)

58702: Ensure an access log entry is generated if the client
aborts the connection. (markt)

Fixed various issues reported by Findbugs. (violetagg)

58735: Add support for the X-XSS-Protection
header to the HttpHeaderSecurityFilter. Patch provided by
Jacopo Cappellato. (markt)

Add the StatusManagerServlet to the list of Servlets that
can only be loaded by privileged applications. (markt)

58751: Correctly handle the case where an
AsyncListener dispatches to a Servlet on an asynchronous
timeout and the Servlet uses sendError() to trigger an
error page. Includes a test case based on code provided by Andy
Wilkinson.(markt)

Ensure that the proper file encoding if specified will be used when
a readme file is served by DefaultServlet. (violetagg)

Fix declaration of localPort attribute of Connector MBean:
it is read-only. (kkolinko)

58836: Correctly merge query string parameters when
processing a forwarded request where the target includes a query string
that contains a parameter with no value. (markt/kkolinko)

Make sure that shared Digester is reset in an unlikely error case
in HostConfig.deployWAR(). (kkolinko)

Extend the feature available in the cluster session manager
implementations that enables session attribute replication to be
filtered based on attribute name to all session manager implementations.
Note that configuration attribute name has changed from
sessionAttributeFilter to
sessionAttributeNameFilter. Apply the filter on load as
well as unload to ensure that configuration changes made while the web
application is stopped are applied to any persisted data. (markt)

Extend the session attribute filtering options to include filtering
based on the implementation class of the value and optional
WARN level logging if an attribute is filtered. These
options are available for all of the Manager implementations that ship
with Tomcat. When a SecurityManager is used filtering will
be enabled by default. (markt)

Remove distributable and maxInactiveInterval
from the Manager interface because the attributes are never
used. The equivalent attributes from the Context always
take precedence. (markt)

58867: Improve checking on Host start for WAR files that have
been modified while Tomcat has stopped and re-expand them if
unpackWARs is true. (markt)

Coyote

58621: The certificate chain cannot be set using the main
certificate attribute, so restore the certificate chain property. (remm)

Allow a new SSL config type where a connector can use either JSSE or
OpenSSL. Both could be allowed, but it would likely create support
issues. This type is used by the OpenSSL implementation for NIOx. (remm)

58659: Fix a potential deadlock during HTTP/2 processing when
the connection window size is limited. (markt)

Jasper

57136#c25: Change default value of
quoteAttributeEL setting in Jasper to be true
for better compatibility with other implementations and older versions
of Tomcat. Add command line option -no-quoteAttributeEL in
JspC. (kkolinko)

Cluster

In order to avoid that the heartbeat thread and the background thread to
run Channel.heartbeat simultaneously, if
heartbeatBackgroundEnabled of SimpleTcpCluster
set to true, ensure that the heartbeat thread does not
start. (kfujino)

WebSocket

55006: The WebSocket client now honors the
java.net.java.net.ProxySelector configuration (using the
HTTP type) when establishing WebSocket connections to servers. Based on
a patch by Niki Dokovski. (markt)

58624: Correct a potential deadlock if the WebSocket
connection is closed when a message write is in progress. (markt)

57489: Ensure onClose() is called when a
WebSocket connection is closed even if the sending of the close message
fails. Includes test cases by Barry Coughlan. (markt)

Web Applications

58631: Correct the continuation character use in the Windows
Service How-To page of the documentation web application. (markt)

Correct the SSL documentation for deprecated attributes to point to the
correct, new location for attributes related to individual certificates.
(markt)

58723: Clarify documentation and error messages for the text
interface of the manager to make clear that version must be used with
path when referencing contexts deployed using parallel deployment.
(markt)

Document test.threads option in BUILDING.txt. (kkolinko)

Tribes

Ensure that the static member is registered to the add suspect list even
if the static member that is registered to the remove suspect list has
disappeared. (kfujino)

When using a static cluster, add the members that have been cached in
the membership service to the map members list in order to ensure that
the map member is a static member. (kfujino)

Add support for the startup notification of local members in the static
cluster. (kfujino)

Ignore the unnecessary member remove operation from different domain.
(kfujino)

Add support for the shutdown notification of local members in the static
cluster. (kfujino)

jdbc-pool

Correct evaluation of system property
org.apache.tomcat.jdbc.pool.onlyAttemptCurrentClassLoader.
It was basically ignored before. Reported by coverity scan. (fschumacher)

2015-11-17 Tomcat 9.0.0.M1

General

Make Java 8 the minimum required version to build and run Tomcat 9.
(markt)

Remove support for Comet. (markt)

Tighten up the default file permissions for the .tar.gz
distribution so no files or directories are world readable by default.
Configure Tomcat to run with a default umask of 0027 which
may be overridden by setting UMASK in
setenv.sh. (markt)

Coyote

Add support for HPACK header encoding and decoding, contributed
by Stuart Douglas. (remm)

57108: Add support for Server Name Indication (SNI). There
has been significant changes to the SSL configuration in server.xml to
support this. (markt)

Add SSL engine for JSSE backed by OpenSSL. Includes ALPN support.
Based on code contributed by Numa de Montmollin and derived from code
developed by Twitter and Netty. (remm)

RFC 7230 states that clients should ignore reason phrases in HTTP/1.1
response messages. Since the reason phrase is optional, Tomcat no longer
sends it. As a result the system property
org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER is no
longer used and has been removed. (markt)

The minimum required Tomcat Native version has been increased to 1.2.2.
The 1.2.x branch includes ALPN and SNI support which are required for
HTTP/2. (markt)

Add support for HTTP/2 including server push. (markt)

Tribes

Clarify the handling of Copy message and Copy nodes. (kfujino)

Other

Support the use of the threads attribute on Ant's
junit task. Note that using this with a value of greater than one will
disable Cobertura code coverage. (markt)